Duuzer Trojan: A Recent Backdoor Targeting Organizations

A recent Backdoor Trojan better named as Duuzer has been uncovered and is in the news for malicious purposes. Yes you guessed it right, it is wreaking havoc particularly in the Organizations and firms in South Korea. However, it is known to spread elsewhere sooner or later. This has been a major security issue that is giving sleepless nights to researchers as they are seriously looking to curb this menace. It is known to target computers that are running with security loop holes and other flaws and is targeting both 32-bit and 64-bit Operating system of Win 7, Windows Vista and XP.

Summary : Duuzer Trojan

Discovered: August 21st 2015

Threat Type: Trojan

Nature of infection: Severe

Windows Targeted: Win 7, Windows Vista & Windows XP

Technical Description:

Duuzer Trojan is known to invade on the compromised system that has already been infected by some malware or other known threats. However there is no specific information regarding exactly how it spreads or what is the vector distributing it. According to experts, this trojan is known to use spear phishing emails as well as watering hole attacks are the main strategy that has been used by hackers for its distribution. However, as soon as it executes on the compromised PC, it opens and operates a back door and establishes a remote connection to the following locations having these IP’s

This is why it is considered as a big threat for the very nature of stealing important data and sensitive information. It tracks vital information viz, Computer Name, Username, IP, Location etc to the hackers. In order to target maximum Windows machine, Duuzer Trojan uses obfuscation mechanism. A process which is being used to rename files with some legit ones so that it remains hidden from security program and keeps on running in the background. This is why it is most difficult to be traced.

What makes Duuzer Trojan so Deadly

access system and drive information

activates and end processes without manual intervention

easily accesses, modifies and deletes files.

Uploads and Downloads additional files

Changes attributes of files

drops malicious codes and commands

hacks data of infected system

Research is being conducted on exactly how this dreadful trojan spreads or targets system all across. As of now, Researchers of Symantec have revealed that it might be using Spear Phishing and Watering Hole attack to infect and target computers. Besides, it also detects whether the system is running on VMWare, Virtual Box or any other virtual machine before carrying out is Routine attack. It uses obfuscation to rename the files with that of legit application to escape detection easily. Therefore it becomes quite necessary to stay alert and even if slight changes are evident on system, scan our system in order to get rid of malware .